#!/usr/bin/perl
# By NaN
#
#   Requirements:
#       aha              https://github.com/masukomi/aha 
#       sslscan          https://github.com/rbsec/sslscan 
#       testssl          https://github.com/drwetter/testssl.sh
#       securityheaders  https://github.com/juerkkil/securityheaders
#       nmap             https://nmap.org
#       nikto            https://github.com/sullo/nikto
#       dirb             https://sourceforge.net/projects/dirb/files/
#       wig              https://github.com/jekyc/wig
#       davtest          https://github.com/cldrn/davtest
#       wafw00f          https://github.com/EnableSecurity/wafw00f
#       whatweb          https://github.com/urbanadventurer/whatweb
#       metagoofil       https://github.com/kurobeats/metagoofil
#       spaghetti        https://github.com/m4ll0k/Spaghetti

use Socket;
use URI;

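use strict;
use warnings;

# Command or path for each pentest tool.  Set an entry to undef to disable
# that tool (e.g. nmap below); the original command is kept in the comment.
# Every key is declared here so the script compiles under `use strict`.
my %tool = (
    sslscan => "sslscan",                                  # sslscan
    testssl => "testssl",                                  # testssl.sh
    headers => "/opt/securityheaders/securityheaders.py",  # securityheaders
    nmap    => undef,                                      # "nmap"
    nikto   => "nikto",                                    # nikto
    dirb    => undef,                                      # "dirb"
    wig     => "/opt/wig/wig.py",                          # wig
    davtest => "davtest",                                  # davtest
    wafw00f => "wafw00f",                                  # wafw00f
    whatweb => "whatweb",                                  # whatweb
    metagoo => undef,                                      # "metagoofil"
    spaghet => undef,                                      # "/opt/Spaghetti/spaghetti.py"
);

# misc
my $aha     = "aha";     # ANSI-to-HTML converter used on the tool pipelines
my $browser = "thunar";  # your file browser - set to undef to disable

# PIDs of the worker processes forked below.  Filled in by the PARENT so the
# INT/TERM handler can actually reach the workers (the original pushed the pid
# inside the child, which left the parent's list empty).
my @children_pids;

# Wrap a value in single quotes for a POSIX shell.  $dir and $url come from
# @ARGV and are interpolated into shell pipelines; quoting stops shell
# metacharacters in them (';', '$', backticks, ...) from being interpreted.
sub _sh_quote {
    my ($value) = @_;
    $value =~ s/'/'\\''/g;
    return "'$value'";
}

# Fork one worker per tool.  $label names the tool in diagnostics and $worker
# is a coderef that runs it.  The child runs $worker and exits; the parent
# records the pid.  A fork failure is reported and skipped instead of being
# mistaken for the child branch (undef == 0 is true, which is what the
# original `if ($pid == 0)` did on failure).
sub _spawn_worker {
    my ($label, $worker) = @_;
    my $pid = fork();
    if (!defined $pid) {
        warn "[!] Unable to fork for $label: $!\n";
        return;
    }
    if ($pid == 0) {
        $worker->();
        exit 0;
    }
    push @children_pids, $pid;
    return $pid;
}

if (@ARGV < 2) {
    print "Pre-Pentest Enumeration and Scanning v0.1\n";
    print "Usage: ./PEaS.pl </full/directory/path> <https://www.url.com>\n";
    exit(-1);
}

my ($dir, $url) = @ARGV;

# Only http:// and https:// URLs are accepted.  The original pattern
# /^(?:(?:http?|s))/ matched anything starting with "htt" or "s".
if ($url !~ m{\A https?:// }xmsi) {
    die "[!] Not a valid URL!\n";
}

print "[i] Directory: $dir \n";
print "[i] URL: $url \n";

my $uri  = URI->new($url);
my $host = $uri->host;
if (!defined $host || !length $host) {
    die "[!] Not a valid URL!\n";
}

# gethostbyname returns undef on lookup failure; the original fed that
# straight into inet_ntoa, which dies with an unrelated message.
my $packed_addr = gethostbyname($host)
    or die "[!] Unable to resolve host $host\n";
my $ip_addr = inet_ntoa($packed_addr);
print "[i] IP address: $ip_addr \n";

# Decide TLS scans from the scheme, not from "https" appearing anywhere in
# the URL (a query string like ?next=https would have triggered them).
my $is_https = lc($uri->scheme) eq 'https';

# Shell-quoted copies for the command pipelines below.  Tool commands from
# %tool are operator configuration and may carry their own arguments, so they
# stay unquoted as in the original.
my $q_url = _sh_quote($url);
my $q_dir = _sh_quote($dir);

print "[+] Creating Directory\n";
unless (mkdir($dir, 0755)) {
    die "[!] Unable to create!\n";
}

if (defined $tool{sslscan}) {
    _spawn_worker('SSLScan', sub {
        if ($is_https) {
            print "[+] Launching SSLScan\n";
            system("$tool{sslscan} $q_url | $aha >$q_dir/sslscan.html");
            print "[+] Finished SSLScan\n";
        }
        else {
            print "[-] Skipping SSLScan\n";
        }
    });
}

if (defined $tool{testssl}) {
    _spawn_worker('testssl.sh', sub {
        if ($is_https) {
            print "[+] Launching testssl.sh\n";
            system("$tool{testssl} $q_url | $aha >$q_dir/testssl.html");
            print "[+] Finished testssl.sh\n";
        }
        else {
            print "[-] Skipping testssl.sh\n";
        }
    });
}

if (defined $tool{headers}) {
    _spawn_worker('Headers', sub {
        print "[+] Checking Headers\n";
        # The original wrote this banner via `echo` inside the shell; writing
        # it from Perl keeps the raw URL out of the shell entirely.  Two
        # newlines reproduce the echo output (the embedded \n plus echo's own).
        if (open my $hdr, '>', "$dir/headers.txt") {
            print {$hdr} "curl -Is --insecure $url\n\n";
            close $hdr or warn "[!] close $dir/headers.txt: $!\n";
        }
        else {
            warn "[!] Unable to write $dir/headers.txt: $!\n";
        }
        system("curl -Is --insecure $q_url >> $q_dir/headers.txt");
        system("python $tool{headers} $q_url | $aha >$q_dir/headers.html");
        print "[+] Finished Headers\n";
    });
}

if (defined $tool{nmap}) {
    _spawn_worker('nmap', sub {
        print "[+] Launching nmap\n";
        # $ip_addr is the dotted quad from inet_ntoa, so it needs no quoting.
        system("$tool{nmap} -p- -A -Pn -sT -oA $q_dir/nmap $ip_addr >/dev/null");
        print "[+] Finished nmap\n";
    });
}

if (defined $tool{nikto}) {
    _spawn_worker('nikto', sub {
        print "[+] Launching nikto\n";
        system("$tool{nikto} -nointeractive -output $q_dir/nikto.txt -host $q_url >/dev/null");
        print "[+] Finished nikto\n";
    });
}

if (defined $tool{dirb}) {
    _spawn_worker('dirb', sub {
        print "[+] Launching dirb\n";
        system("$tool{dirb} $q_url -o $q_dir/dirb.txt >/dev/null");
        print "[+] Finished dirb\n";
    });
}

if (defined $tool{wig}) {
    _spawn_worker('wig', sub {
        print "[+] Launching wig\n";
        system("python3 $tool{wig} -q $q_url | $aha >$q_dir/wig.html");
        print "[+] Finished wig\n";
    });
}

if (defined $tool{davtest}) {
    _spawn_worker('davtest', sub {
        print "[+] Launching davtest\n";
        system("$tool{davtest} -cleanup -quiet -url $q_url >$q_dir/davtest.txt");
        print "[+] Finished davtest\n";
    });
}

if (defined $tool{wafw00f}) {
    _spawn_worker('wafw00f', sub {
        print "[+] Launching wafw00f\n";
        system("$tool{wafw00f} $q_url >$q_dir/wafw00f.txt");
        print "[+] Finished wafw00f\n";
    });
}

if (defined $tool{whatweb}) {
    _spawn_worker('whatweb', sub {
        print "[+] Launching whatweb\n";
        system("$tool{whatweb} --no-errors -a 3 $q_url | $aha >$q_dir/whatweb.html");
        print "[+] Finished whatweb\n";
    });
}

if (defined $tool{metagoo}) {
    _spawn_worker('metagoofil', sub {
        print "[+] Launching metagoofil\n";
        print "[+] Creating Directory\n";
        mkdir("$dir/downloaded_docs", 0755)
            or warn "[!] Unable to create $dir/downloaded_docs: $!\n";
        # NOTE(review): the full URL is passed to -d as in the original;
        # confirm whether metagoofil expects a bare domain there instead.
        system("$tool{metagoo} -d $q_url -t pdf,doc,xls,ppt,docx,xlsx,pptx -l 100 -h yes -o $q_dir/downloaded_docs -f $q_dir/metagoofil.html");
        print "[+] Finished metagoofil\n";
    });
}

if (defined $tool{spaghet}) {
    _spawn_worker('spaghetti', sub {
        print "[+] Launching spaghetti\n";
        system("python $tool{spaghet} -u $q_url | $aha >$q_dir/spaghetti.html");
        print "[+] Finished spaghetti\n";
    });
}

my $loop = 1;
$SIG{CHLD} = 'DEFAULT';  # turn off auto reaper
$SIG{INT} = $SIG{TERM} = sub {
    $loop = 0;
    # Signal the worker processes directly.  The original `kill -15 => @pids`
    # addressed process GROUPS named by the child pids, which do not exist
    # because the workers stay in the parent's group.  Tools already running
    # under system() in a worker are not covered here; a terminal Ctrl-C
    # reaches them through the foreground process group.
    kill 'TERM', @children_pids if @children_pids;
};
# Reap workers until all have exited, we were signalled, or we were orphaned.
while ($loop && getppid() != 1) {
    my $child = waitpid(-1, 0);
    last if $child == -1;
}

if (defined $browser && length $browser) {
    print "[!] Launching file browser\n";
    system("$browser $q_dir &");
}
else {
    print "[!] Complete\n";
}
exit();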